Main

What is this FAQ about?

This FAQ answers some of the questions that developers have about Web Application Security. It is not specific to a particular platform or language: it addresses the common threats to web applications, and its answers are applicable to any platform.

What are these common threats to Web Applications?

While developing an application, most of us are focused on the functionality rather than security. Attackers take advantage of this by exploiting the application in a number of ways. Some of the common threats to web applications are SQL Injection, Cross Site Scripting, Variable Manipulation and exploitation of important features like Forgot Password. There are separate sections in this FAQ answering the common questions on these threats.

Who developed this FAQ?

This FAQ is an evolving document with contributions from the security community. Sangita Pakala and her team from Paladion Networks developed the first version of the FAQ and maintain this page.

How can I contribute to this FAQ?

We need your feedback and contributions to improve the FAQ. We'd love to hear from you about: